From cfbff88e457fc6dc82cf1d511038268e10b69780 Mon Sep 17 00:00:00 2001
From: Marc Mintel <marc@mintel.me>
Date: Sat, 28 Feb 2026 00:19:04 +0100
Subject: [PATCH] fix(deploy): rename traefik routers dynamically by
 PROJECT_NAME to prevent testing environment from overwriting production proxy
 rules

---
 docker-compose.yaml | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/docker-compose.yaml b/docker-compose.yaml
index 3c15c5c..52708c3 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -9,23 +9,23 @@ services:
       - ${ENV_FILE:-.env}
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.mb-grid.rule=Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`)"
-      - "traefik.http.routers.mb-grid.entrypoints=websecure"
-      - "traefik.http.routers.mb-grid.tls.certresolver=le"
-      - "traefik.http.routers.mb-grid.tls=true"
-      - "traefik.http.routers.mb-grid.priority=1000"
-      - "traefik.http.routers.mb-grid.service=mb-grid-app-svc"
-      - "traefik.http.services.mb-grid-app-svc.loadbalancer.server.port=3000"
-      - "traefik.http.routers.mb-grid.middlewares=${TRAEFIK_MIDDLEWARES:-mb-grid-auth,mb-grid-forward,compress}"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}.rule=Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`)"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}.entrypoints=websecure"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}.tls.certresolver=le"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}.tls=true"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}.priority=1000"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}.service=${PROJECT_NAME:-mb-grid}-app-svc"
+      - "traefik.http.services.${PROJECT_NAME:-mb-grid}-app-svc.loadbalancer.server.port=3000"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}.middlewares=${TRAEFIK_MIDDLEWARES:-mb-grid-auth,mb-grid-forward,compress}"
       - "traefik.docker.network=infra"
 
       # Public Router – paths that bypass Gatekeeper auth
-      - "traefik.http.routers.mb-grid-public.rule=Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`) && PathRegexp(`^/([a-z]{2}/)?(health|login|gatekeeper|uploads|media|robots\\.txt|manifest\\.webmanifest|sitemap(-[0-9]+)?\\.xml|(.*/)?api/og(/.*)?|(.*/)?opengraph-image.*)`)"
-      - "traefik.http.routers.mb-grid-public.entrypoints=websecure"
-      - "traefik.http.routers.mb-grid-public.tls.certresolver=le"
-      - "traefik.http.routers.mb-grid-public.tls=true"
-      - "traefik.http.routers.mb-grid-public.service=mb-grid-app-svc"
-      - "traefik.http.routers.mb-grid-public.priority=2000"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-public.rule=Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`) && PathRegexp(`^/([a-z]{2}/)?(health|login|gatekeeper|uploads|media|robots\\.txt|manifest\\.webmanifest|sitemap(-[0-9]+)?\\.xml|(.*/)?api/og(/.*)?|(.*/)?opengraph-image.*)`)"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-public.entrypoints=websecure"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-public.tls.certresolver=le"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-public.tls=true"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-public.service=${PROJECT_NAME:-mb-grid}-app-svc"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-public.priority=2000"
 
       # Forwarded Headers (Protocol Normalization)
       - "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-forward.headers.customrequestheaders.X-Forwarded-Proto=https"
@@ -66,18 +66,18 @@ services:
       - "traefik.http.services.mb-grid-gatekeeper-svc.loadbalancer.server.port=3000"
 
       # Gatekeeper Verification Middleware
-      - "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-auth.forwardauth.address=http://mb-grid-gatekeeper:3000/gatekeeper/api/verify"
+      - "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-auth.forwardauth.address=http://${PROJECT_NAME:-mb-grid}-gatekeeper:3000/gatekeeper/api/verify"
       - "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-auth.forwardauth.trustForwardHeader=true"
       - "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-auth.forwardauth.authRequestHeaders=X-Forwarded-Host,X-Forwarded-Proto,X-Forwarded-For,Cookie"
       - "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-auth.forwardauth.authResponseHeaders=X-Auth-User"
 
       # Gatekeeper Public Router (Login/Auth UI)
-      - "traefik.http.routers.mb-grid-gatekeeper.rule=(Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`) && PathPrefix(`/gatekeeper`))"
-      - "traefik.http.routers.mb-grid-gatekeeper.entrypoints=websecure"
-      - "traefik.http.routers.mb-grid-gatekeeper.tls.certresolver=le"
-      - "traefik.http.routers.mb-grid-gatekeeper.tls=true"
-      - "traefik.http.routers.mb-grid-gatekeeper.priority=2000"
-      - "traefik.http.routers.mb-grid-gatekeeper.service=mb-grid-gatekeeper-svc"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-gatekeeper.rule=(Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`) && PathPrefix(`/gatekeeper`))"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-gatekeeper.entrypoints=websecure"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-gatekeeper.tls.certresolver=le"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-gatekeeper.tls=true"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-gatekeeper.priority=2000"
+      - "traefik.http.routers.${PROJECT_NAME:-mb-grid}-gatekeeper.service=${PROJECT_NAME:-mb-grid}-gatekeeper-svc"
       - "traefik.docker.network=infra"
 
   mb-grid-db: